tested timer field

main.py

@@ -134,9 +134,6 @@ def submission ():
         response.status = 500
         return resp('error', 'La base de donnée n’est pas accessible.')
 
-    try:
-        subject_fields = fill_fields(request, get_fields(form['subject']))
-        content_fields = fill_fields(request, get_fields(form['content']))
     # Did the bot filled the honeypot field?
     if 'honeypotfield' in form and form['honeypotfield'] in request.forms and request.forms.get(form['honeypotfield']) != '':
         response.status = 400
@@ -148,8 +145,11 @@ def submission ():
             response.status = 400
             return resp('error', 'We identified you as a bot. If this is an error, try to contact us via another way.')
 
+    try:
+        subject_fields = fill_fields(request, get_fields(form['subject']))
+        content_fields = fill_fields(request, get_fields(form['content']))
     except MissingParameterException as e:
-        response.status = 404
+        response.status = 400
         return resp('error', str(e))
 
     subject = re.sub(form_regex, r'{\1}', form['subject']).format(**subject_fields)
@@ -270,10 +270,6 @@ def create_form ():
         response.status = 400
         return resp('error', 'Le champs « contenu » est requis')
 
-    if 'honeypotfield' in request.forms:
-        honeypotfield = request.forms.getunicode('honeypotfield')
-    else:
-        honeypotfield = None
 
     # Getting from address
     if 'mail' in request.forms:
@@ -290,14 +286,19 @@ def create_form ():
     # TODO limit the insertion rate
     token = ''.join(random.sample(token_chars, token_len))
     try:
-        inserted = mongodb_database['forms'].insert_one({
+        newEntry = {
             'mail': mail,
             'content': content,
             'subject': subject,
             'user_id': user['_id'],
             'token': token,
-            'honeypotfield': honeypotfield,
+        }
-        })
+        if 'honeypotfield' in request.forms:
+            newEntry['honeypotfield'] = request.forms.getunicode('honeypotfield')
+        if 'timerdelay' in request.forms:
+            newEntry['timerdelay'] = request.forms.getunicode('timerdelay')
+
+        inserted = mongodb_database['forms'].insert_one(newEntry)
     except pymongo.errors.ServerSelectionTimeoutError as e:
         response.status = 500
         return resp('error', 'La base de donnée n’est pas accessible')

test.html

@@ -7,7 +7,8 @@
 <body>
 <div id="contact-mailer-message"></div>
 <form action="http://localhost:8080/submit" method="POST" id="contact-mailer-form">
-    <input type="hidden" name="token" value="sYMXDz5UKuRF38LbQl20ikrmp7nhHcxTCgGZodqAaBtSvPOV4f" />
+    <noscript>Les protections anti-spam, nécéssitent l’utilisation de javascript. Rien d’intrusif normalement.</noscript>
+    <input type="hidden" name="token" value="PK8gQHDx9VoJ7yuEhbj5iCZkcUOAqTYlRSN14XFtdfr3LBs0zn" />
     <div>
       <label for="nom">Votre nom&nbsp;:</label>
       <input type="text" name="nom" required="required"/>